Moglen: Facebook Is a Man-In-The-Middle Attack
jfruh writes "In an email exchange with privacy blogger Dan Tynan, Columbia law professor Eben Moglen referred to Facebook as a 'man in the middle attack' — that is, a service that intercepts communication between two parties and uses it for its own nefarious purposes. He said, 'The point is that by sharing with our actual friends through a web intermediary who can store and mine everything, we harm people by destroying their privacy for them. It's not the sharing that's bad, it's the technological design of giving it all to someone in the middle. That is at once outstandingly stupid and overwhelmingly dangerous.' Tynan is a critic of Facebook, but he thinks Moglen is overstating the case."
Then in his opinion, wouldn't email be the same? It's stored on some 3rd party mail server somewhere... and for that matter, wouldn't all forms of electronic communication that gets copied/stored somewhere not under your personal control also be classified as a "man in the middle attack"?
As with most social sites, search engines, and free email services, you are not the customer; you and your relationships are the product.
It amazes me that people think Moglen is overstating the case. He is not. Let's forget the datamining for commerce. Let's just think about what a simple post on a social network can do with one's life. People have been murdered over a post on social networks by governments. People have been held in custody (hi USA) over posting a quote from Family Guy... Moglen is right. Everything you post on facebook, twitter, hell any service that has an office in the USA will get into the FBI, CIA and SS databanks and you will get in trouble if you post something those warmongers don't like. Moglen is right. Using centralized, datamined networks is stupid and even more dangerous. It takes a lot of effort not to see that.
Besides the term doesn't apply -- in a man in the middle attack, the man in the middle needs to be invisible. Though I suppose you could argue that the vast majority of people using FB don't understand how the Internet works enough to know that they are really sharing information through a third party that holds on to everything, instead thinking of their communication as analogous to sending a paper letter...
weinersmith
If it looks like an apple, and it tastes like an apple, and if it turns into an apple tree after you bury it, it is an apple.
Language isn't that hard.
Your ISP does not see the information you transmit if it's encrypted, or email, chat, etc.
Facebook CAN see the messages you send, even if your communication to and from facebook is encrypted.
Some kind of man in the middle attack?
where is your like button?
More like it's payment for services. Did anyone sign up to facebook thinking it was a charity to help people make friends?
your thin skin doesn't make me a troll
Or better said, if you're not the farmer, you're the pig.
Free food, water and a place to live?!? What could possibly go wrong?
=================
Unix is very user friendly, it's just picky about who its friends are.
I do think it's a widespread ethical view that these utility-like services shouldn't use the information for their own gain. In the phone era, that was formalized with fairly detailed rules; AT&T couldn't just randomly listen in on your phone calls and use it to sell advertising profiles to mail-order catalogues. In the internet era technology is moving faster than people/law can keep up with.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
It's not the same. Obviously, we have to depend on companies every day. But if we don't like a car company, or a traditional ISP, we can switch to another car or ISP. Facebook is different. If you leave, you leave the ability to connect to many of the people that you connected to via Facebook.
I own my own domain name, and use email and blogs to communicate from a site whose name I own. I do depend on companies to support my DNS and webservice. But if I don't like what those companies do, I can switch or do it myself. I have a Facebook account, but I don't normally use it; it just creates too many problems.
We all need suppliers; that's not the problem. The problem is dependency, that is, being (practically) unable to switch. Being dependent on an external company really is a risk.
- David A. Wheeler (see my Secure Programming HOWTO)
Moglen is absolutely correct and I am very impressed by this great analogy: Facebook (and some other "social" media) is a man-in-the-middle attack; it's just not a technical hack but a social hack. Best 20 second explanation ever.
Google might very well join them soon - if they use profiling on gmail conversations.
Sigh - straw man arguments are so tiresome.
These social sites are not your ISP.
These social sites are like inviting a business into your living room to eavesdrop on conversations with your acquaintances.
And for those who say "Who cares if I publicly post all my thoughts and relationships?" I have one question:
What would McCarthyism look like with the data available today?
Rather it seems we have to have special whole new laws because "via the internet" or "with a computer" needs to be tacked on. I'd say this is the larger problem.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
It takes retarded exaggerations and steals our comments.
It only steals them if you post as AC. Otherwise they remain your comments, freely posted, and ultimately your own responsibility, and they appear here because you GAVE them to Slashdot, not because they stole them.
Step away from the keyboard and nobody gets hurt.
But I do understand your example of "retarded exaggerations". *cough*.
Sig Battery depleted. Reverting to safe mode.
You can be paranoid about it. But the fact is that we all depend on companies every day and trust them with our personal info. There really isn't an alternative.
Most communications companies' revenue streams are not based on data mining. Telcos, mobilecos, etc., make money from charging you money not from selling information about you. Any data they collect would generally only be used internally for service quality monitoring.
.... for a social networking platform that does not track/store/analyze/use my personal data or relationship information.
Any takers?
Something tells me that the 'free' fee for facebook has everything to do with its popularity. Some of us would pay, but many people have culturally come to understand that so long as something is 'free', anything can be given up for it.
On the very few (read one in the UK) occasions your analogy is correct there has been a massive public outrage:
http://en.wikipedia.org/wiki/Phorm#BT_trials
So people generally don't accept it when it is your ISP. They shouldn't (but ATM seem to) accept it with fb. How long that will last only time will tell - MZ will be happy once he has his billions - most things he has been saying of late in a "tech visionary" context are just complete nonsense, so I suspect he isn't in it for the long term.
Most facebook users have no idea how deep the analysis of their data/relationships goes or the true privacy implications related. Don't assume too much about average joe.... average joe and janette are strapped with bills, jobs, kids, housework, overtime, stress, and american media psychosis... if understanding privacy and internet data mining isn't part of their occupation, there's a slim chance they know about it.
This is the guy who also said that clang was built "entirely to undermine freedom".
Why does anybody listen to this nutter?
... we all depend on companies every day and trust them with our personal info. There really isn't an alternative.
I wonder why?
When I arrived to the US and received my SSN, I tried to take the message that was next to it seriously : "Keep this number safe and secret" / not word by word citation/.
Then I went to get a bank account, set up an account for gas / electricity, driver's licence, cell phone contract, everywhere I was asked for my SSN. Seriously, why can PEPCO, GEICO, WASHGAS, AT&T oblige me to reveal this information?
My guess is that people in the US have been slowly but surely trained to surrender sensitive personal information to third parties.
You can be paranoid about it. But the fact is that we all depend on companies every day and trust them with our personal info. There really isn't an alternative.
Why is there no alternative? FB is not really a required service you depend on.
Email and Internet access probably is a required service, but email is not centralized and monopolized, but using an open standardized protocol, Internet access at the other side is a classical man-in-the-middle problem - that's why ISPs are regulated (and at least in most countries forbidden to do man-in-the-middle actions) - and you can always use SSL and HTTPS to exclude your ISP from overhearing and profiting from your conversations.
How shortsightedly-inane-for-the-sake-of-a-headline can you get? At least making a facebook account and having your data shared is an option.
According to the author's logic, the United States Postal Service, for the service of getting our mail delivered, has EVERY SINGLE ONE OF OUR PHYSICAL ADDRESSES, regardless of whether we opted in to begin with! Holy shit.
In the internet era there are businesses built around things that would not be permitted using other communication channels.
http://i.imgur.com/jk4xT.jpg
i would not trust most of the internet, especially facebook, myspace, twitter, and google & yahoo
Politics is Treachery, Religion is Brainwashing
So you take the view of Sun's Scott McNealy:
"You have zero privacy anyway," Scott McNealy told a group of reporters and analysts ...
"Get over it."
I don't read your sig. Why are you reading mine?
Your ISP does not see the information you transmit if it's encrypted, or email, chat, etc.
If you're taking a paranoid view, a slight clarification is needed here. Your ISP does not see the unencrypted information you transmit if it's encrypted, or email, chat, etc., as long as they do not have the means to decrypt that data.
Ask me about repetitive DNA
By that logic, my ISP, my cellphone and land line phone companies, the Social Security Administration, my health insurance company, my doctors, my tax accountant, my employer and even the executor of my will are Man in the Middle attackers too.
Man, I feel safer already!
BTW, there are two misnomers in the world today. Security and privacy.
Privacy doesn't exist. If someone wants to know all about you, they can. The reason for that is because of security.
That doesn't exist either. Security is nothing more than a series of pitfalls, booby traps and firewalls put between the outside world and whatever you want to keep "safe". The idea there is to make the time, effort and resources needed to get to your stuff to be greater than whatever it is you want to keep safe. The second you think you are "safe and secure" is the second you will be down for the count on something as simple as a DDoS attack.
The people who want to get your stuff just because they can have no concern for the amount of time, money and effort needed to get your stuff. There is no dollar value you can assign to principle. THOSE people are the dangerous ones because they are doing something they BELIEVE in. Spammers and others who are selling your info for profit, the only thing they believe in is a paycheck and they will go for the easiest paycheck they can.
For a case study on what I'm talking about, I submit Anonymous.
Those dudes and dudettes are both the bane and the hero of an IT security person's existence. People like Anonymous not only give security people headaches at work but they keep them employed too.
NEVER post anything on FB (or any other social media type site) or willingly give up personal information online without VERY good reason and then ONLY using HTTPS or other secure/encrypted means. A social site wants your birth date? Forget it or lie to them... They ask you for your mother's maiden name as a "security question"? Really forget it, it's not worth the risk. Social Security Number? You got to be kidding! Credit Card number? Really? If you really *must* then do what I do and contrive an alternate "backstory" with all this kind of information to give out online. At least with a fictional life story, you're not as easy a target for ID thieves like my poor nephew is now. Hopefully, not being the easy target might save you the trouble of clearing your name, or (shudder shudder) your kid's credit history.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
The equation the guy proposes, looks sound. Moreover, observational data supports the equation. There is nothing overstated in that.
Facebook is de facto the evil intermediary in between people, just like how record companies are the evil, unneeded intermediary in between artist and the fan.
Read radical news here
If you use FB, you know that your friends and family will post personal information about you as well.
Worse: If you do not use FB, you know that your friends and family will post personal information about you as well.
http://www.computerworld.com/s/article/9164978/Narus_develops_a_scary_sleuth_for_social_media
Narus is developing a new technology that sleuths through billions of pieces of data on social networks and Internet services and connects the dots.
The new program, code-named Hone, is designed to give intelligence and law enforcement agencies a leg up on criminals who are now operating anonymously on the Internet.
In many ways, the cyber world is ideal for subversive and terrorist activities, said Antonio Nucci, chief technology officer with Narus. "For bad people, it's an easy place to hide," Nucci said. "They can get lost and very easily hide behind a massive ocean of legal digital transactions."
http://www.hotvoipnews.com/blog_87.shtml
VoIP Blocking in Saudi Arabia using Narus Software
VoIP blocking in Saudi Arabia has been around for sometime and was aided by the introduction of the VoIP blocking software provided by the Californian Company Narus. The reasons the Saudi government block VoIP is to protect the national telephone carrier Saudi Telecom from potential competition. By prohibiting VoIP calls people based in Saudi Arabia are forced to use the more expensive Saudi Telecom service.
You have all the privacy you want, but you can't have your pie and eat it too.
If all else fails, immortality can always be assured by spectacular error.
Your ISP can see which websites you visit, how long you spend there, how often you visit the site and what time of day you go there. It will be easy enough to build a profile on a user with just this information.
I wonder if you could make a firefox plugin that encrypts all posts to facebook, also detects other people's encrypted posts and if you have their pub key decrypts them to view. Could also have something similar that encrypts images to a valid jpg/gif/png whatever but only decrypts again if you have the key.
Paying taxes to buy civilization is like paying a hooker to buy love.
Carrier pigeons are susceptible to attack via bird feeders. They simply harvest the information when the pigeons stop to eat.
You just can't win.
Try not to take me more seriously than I take myself.
So basically PGP for facebook?
This is one of the reasons I had such high hopes for Google Wave, a decentralized 'social' service. A similar model to smtp where each entity/end user can run their own wave server if they so wish.
If anyone thought there was any sort of privacy on Facebook they were incredibly naive.
Personally, I would figure a more Peer 2 Peer method for social networking would be more effective. Essentially take the mining out of the picture by literally not knowing/seeing anyone else unless you actually met them and shared credentials.
I must respectfully disagree with your statement. It's not being paranoid; it's looking realistically at what you give up to maintain "vanity" sites. As far as alternatives go, everything available to you prior to selling out to Facebook, Twitter, Google+ and the rest of the services people find so "convenient" in their lives are still there. Telephone (excluding texting), e-mail to individuals or groups of friends, real mail (cards, notes, etc. - I know, "how 20th century" (eyeroll)), actual face to face lunches, beers, whatever, maintaining a few real close friends instead of hundreds of "acquaintances", etc.
I am always surprised that people hand over the keys to their life so cheaply.
As always, this is just my opinion.
"Life is not magic." Dr. Ron Weiss - "If we don't play God, who will?" Dr. James Watson
Utility services? I PAY for my utilities, and the phone companies especially charged through the nose. You PAY, you are the customer. You get it for free, you are the product.
So unless you propose paying a monthly fee and a usage fee and a signup fee and a rental fee for your facebook usage, shut the fuck up with your idiotic notion that companies got to provide you with free services and not make a single penny off you.
And if you don't like facebook, DON'T use it. It is not hard, I am not using it right now and still have time to insult your feeble self-entitled mind.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Your ISP can see which websites you visit, how long you spend there, how often ....
Yes, but it is not part of their business model to do that.
People would be quite out-raged to receive an email from their ISP, that reads: ... P.S.: Has your daughter looked at planned parenthood?
Based on the web-sites you visited, we recommend following companies to you.
fB is also worming their way into other sites via scripting. I play some games at an EA owned site and suddenly you can not select a game room, or even see a game room list, unless you allow scripting by facebook.net. In the interests of allowing fB members more interaction EA has in fact forced everyone using the game to send data to faceBook. Anyone not blocking scripts is totally unaware of the issue, but most of them probably think fB is a good thing anyway.
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
I think the only way to maintain my privacy is to completely withdraw from society (like Ted Kaczynski). I would need to get paid only in cash and to buy things only with cash in stores without a surveillance system and not have any bank accounts. I couldn't own any property or cars, boats, etc. I couldn't use the Internet (except possibly through some paranoid onion router arrangement but never enter any personal information anywhere).
I don't know about you but this is just not feasible. I don't use Facebook but I am sure they are tracking me anyway. I know Google tracks me everywhere and probably knows more about me than anyone.
I'm not sure what "pie" I want (other than to have a job, buy food, etc and relax in my spare time) but I don't think anyone can protect their privacy in this world. We could hope that government will try to protect us from abuse of our private information but since (at least in the US) the government is controlled by corporations, this is not likely.
I don't read your sig. Why are you reading mine?
What would McCarthyism look like with the data available today?
You remember when your president had to publicly reaffirm he wasn't a Muslim but a good god-fearing Christian with good wholesome Christian values? McCarthyism never left.
You Americans and your battles over symbols. You raise a big stink over irrelevancies like ID-cards and Facebook and meanwhile you've got the TSA, warrantless wiretaps, draconian copyright lawsuits, etc.
If all else fails, immortality can always be assured by spectacular error.
Tynan is a critic of Facebook, but he thinks Moglen is overstating the case.
While the language is a bit...hyperbolic, he's essentially right.
Chas - The one, the only.
THANK GOD!!!
They'll still be able to see what sites you're visiting. Even if the actual data is encrypted it would be trivial to log tcp connections and IP's. In fact, you can bet that the black boxes in place already do it.
I wonder if you could make a firefox plugin that encrypts all posts to facebook, also detects other people's encrypted posts and if you have their pub key decrypts them to view
Like this http://en.wikipedia.org/wiki/Off-the-Record_Messaging ?
Sigh - straw man arguments are so tiresome.
These social sites are not your ISP.
These social sites are like inviting a business into your living room to eavesdrop on conversations with your acquaintances.
Except that they do sell themselves as that friendly neighborhood cafe where everyone hangs out - like in the dream world of Friends.
- Just that the owner listens in on your conversations and keeps a file on all of the guests.
You could do this pretty easily, the problem is most people who use facebook don't care about their privacy and the people who would use this would soon lose the need for it when all of their friends blocked them because their pictures are f'd up and everything they post is garbled.
Not to mention, if the majority of FB users started doing this, they will share their key unencrypted over status updates and PMs.
But the fact is that we all depend on companies every day and trust them with our personal info.
Very, very, true. I work for some of them. However.... it is worth noting that there are some pretty strong NDA's and SLA's in place that define exactly how we store the data, what we will do with that data internally, how we might use 3rd parties to provide service, our own backup policies etc.
Also, the companies I work for get paid by you. YOU ARE OUR CUSTOMER. With Facebook, YOU are the product, the advertisers are the customer.
Now it is not tremendously difficult to understand there is a huge difference between Facebook and other SaaS companies out there. So it is a bit disingenuous to draw that kind of comparison when offsite storage services don't have a vested interest in poring over your data for marketing information to sell to the highest bidder.
It's not being paranoid when Facebook is going to be filing reports with the FCC soon on how they profited on violating your privacy.
But they don't record or resell that information.
Yea, I've been noticing this on A LOT of sites. Pages won't load right or load at all unless the ubiquitous FB (and let's not forget Google) and its associated sites are allowed... It's quite fascinating how quickly FB has achieved this feat, and rather disgusting. People rail endlessly about Obama and how "the gubment" is taking over, etc. FB and Google are who people should really be concerned with.
We play the game with the bravery of being out of range
When the environment you live in is socially engineered in such a way that people believe they are acting out of free choice when really they are being manipulated...
Taking personal responsibility is important, but when people are deliberately poisoning the environment you live in so that it becomes increasingly difficult to make wise choices, then that can definitely be viewed as an attack.
There are tons of behavior traits you move through every day which have been formed without your knowledge and which you almost certainly think were actually your own personal choices. You may have dodged the Facebook trap, but you have been, without question, successfully socially engineered countless times.
There's absolutely nothing wrong with being pissed off about that. In fact, if you aren't, then there's something wrong with you.
That is at once outstandingly stupid and overwhelmingly dangerous.
Good to see someone has finally figured this out. I knew this from day 1 of facebook. How gullible people are. That's why I have never or will never use it.
If you are really concerned about privacy, however, there is nothing (AFAIK) that would stop you from composing your message, using GPG to encrypt the text, then posting the *encrypted* text on Facebook.
I'm not a huge fan of Facebook for numerous reasons, but IMHO, this whole "oh noes -- Facebook is reading my texts!" alarmism is really rather disingenuous. C'mon -- you're posting comments on a public web site. It's more like talking to your friends in the hallway back in your high school days than a telephone call. If you really expect privacy on Facebook, then you are dangerously naive.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
What Facebook does is all perfectly above-board, because Facebook's ownership of everything you put there is right in the Terms of Service that you agreed to when you signed up. While some such agreements have been overturned in court, most of them are legally binding. As long as Facebook stays within the bounds of their side of the contract, then there's nothing you can do legally about it.
Where does Facebook make their money? Let's see
- Matching you against advertizers so that the ads you see are more likely to be clicked. Ad clicks are revenue.
- Datamining "anonymized" information about all their users to sell to companies that want statistics about people.
- Kickbacks from leading users to paid services.
Facebook started out as a social networking site. That is what Zuck had in mind. But when he had to turn it into a business that made money, the obvious thing to do was to use the information people put there. Facebook's three primary engineering thrusts are (a) improving their site so as to keep you addicted to their service, (b) improving their site so as to maximize the value of the datamining output, and (c) minimizing the cost of providing those services.
In fact, this is little different from what Google does. They keep cookies about what your searches have been and use that to match you against advertizers. If you combine Google searches with gmail, Google+, and Google Docs, you have the same amount of information, a vast treasure trove from which to learn general things about people and to profile individuals in order to match them against ads.
This is the nature of all free web services. But even paid services like Netflix, Newegg, and Amazon mine your searches and purchases and compare you with other people in order to do a better job of recommending things you'll like. Netflix had a million-dollar prize dedicated to this. Amazon always recommends products bought by others looking at what you're looking at. And I regularly get emails from Amazon telling me about products I might like, based on what I've bought in the past. Is this an invasion of privacy? It's hard to say, because it's not clear where the ethical line is between helpful recommendation systems and scouring every detail of your life.
None of these services sell your personal details in an identifiable way. Besides the fact that they'd get into all sorts of consumer protection trouble, Amazon does not want Barnes & Noble to know your purchase history! Same with regard to Netflix and Blockbuster. On Facebook, every tiny piece of info that appears on your page is something you or one of your friends chose consciously to put there. Mind you, that can go wrong, when someone puts up a photo of you that they didn't have permission to put up, but be careful who you're friends with, eh? But everything else is really under your control. It gets really creepy when you get an ad popping up related to something you mentioned in a chat session. I think that's going a bit far. But again, you chose to use Facebook (rather than, say, a telephone or jabber) to communicate that info, and you already know that Facebook owns it. Creepy but completely above board and legal.
Facebook is like the way the devil is described in some religions. He doesn't force you to sin. He simply provides you with many irresistible temptations. Facebook plays on human psychology and this weird combination we have of being introverted (many of us) and wanting to connect with other people. Facebook is designed by experts at addicting people and making them WANT to expose their deepest secrets. The temptation is so great that we consciously choose to walk naked through the streets, knowing full well that many nefarious eyes have really good binoculars. Going well beyond creepiness, Facebook's unfathomable privacy settings make it ripe for identity theft, even newborns who grow up to find out that they have credit card debt of mysterious origin.
And yet Facebook, much like the devil, always follow
Back when Facebook became the Next Big Thing, I thought it seemed silly and a bit dangerous to rely so heavily on a single web site for so many things while excluding anyone who wasn't a member. You're just opening yourself up to monopoly abuses in that situation. I thought an open protocol for interfacing with social media components, whether hosted on Facebook, a competitor, or a personal site would be a more inclusive solution with less potential for exploitation or single point of failure issues. Then I realized that there would be no commercial incentive to supporting a solution that bypasses central servers, so of course it would never happen. The Internet is devolving back into AOL.
I also receive a bill every month from my telephone provider. I don't receive one from Google, Facebook, etc. Most sites on the Internet have a business model that is more like AM/FM radio (as opposed to XM or Sirius) than your telephone service.
I understand and expect that what I post on-line may be parsed to direct targeted advertising at me. In return, I get a service for "free" (as in beer). I'm not terribly bent out of shape about that any more than I am bent out of shape that radio stations play ads every couple of songs as I'm driving home <shrug>
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Why do you think Facebook is not required? What makes email any more required? Much of the internet and media you consume assumes you have facebook, and it's only getting more prevalent every day.
Additionally, the majority of people who use Facebook do so without understanding the ridiculous intricacies of the privacy and security issues that plague it. Facebook's privacy policy has way gone beyond the point where the average person's common sense will protect them, so it does become a problem that needs to be legislated.
the warmongers allow you to post on Slashdot with impunity. Maybe you are overstating the case?
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
Yeah and exactly how crazy will that make the DHS? Every encrypted message would probably put you on a terror watch list.
(It is probably a good thing that no one has pointed out to them that 100% of terrorists breathe air. They would probably regulate that or put all people who breathe air on the 'no fly' list...)
Most people I know simply don't care about their privacy when it comes to facebook, google+, whatever. They want an easy way to post their pictures online and stay "connected" with friends and family. Email does not work because granny has learned to never click anything in an email so the 50mb zipped attachment stays in her Inbox, or if she does click it, can figure out what the zip file is. Things get too complicated for regular users and it's easier for them to make excuses about privacy, stay in denial, and pretend google or facebook will never screw them.
I think Moglen is spot-on but you can't expect people to get on-board when they haven't the background to understand the situation. What's worse is the one-click Easy Button for everything has become the norm and people expect that. Anything more and they get glassy-eyed and lose interest faster than a 5yr old on a sugar high.
If social networking is to become more secure, it's not going to come from google or facebook. It will come from the OSS community in something like googlesharing, (encrypted) Tor, Bittorrent or the like.
Join the Slashcott! Feb 10 thru Feb 17!
You wish to escape into a fairytale fantasy land that never existed. I'm not saying it's wrong to aspire to a society with a healthy respect for the privacy of the individual, it's a good thing to strive for, but what you wanted has never been a reality. Actually the world you see now is probably the most privacy conscious that has ever existed.
If all else fails, immortality can always be assured by spectacular error.
AT&T couldn't just randomly listen in on your phone calls
Well, yes and no.
Back in the really Bad Old Days when operators manually made things work, operators could and sometimes did listen in on a call if it seemed likely to be really interesting. Apparently, celebrities would sometimes joke about that, along the lines of "Ok, you can hang up, Atlanta. You too, Chicago." or try techniques like announcing some well-known person was dead to see if they got a reaction from somebody other than the recipient of the call.
I am officially gone from
It's not an attack, if people are using it willingly.
They log this info under CALEA regulation in the US, probably keeping it forever. There is no warrant required for the sharing of the info with the govt. because they are considered the 'owners' of this info, not the end user.
I see you get it.
We play the game with the bravery of being out of range
Commercial incentive isn't the only creative force in the world.
Plenty of protocols and programs have been made without monetary motivation.
The assertion that "Facebook is a man in the middle attack" is utter bullshit. An "attack" would imply that Facebook is doing something that the user does not want to do.
The reality is that facebook/myspace/google+ et al. is a service in which the user willingly sends their information to them, and then they happen to share such information with some connections.
People do that willingly, people willingly sign up to facebook and send such information to facebook. The people who do not want to share information with facebook do not do it.
Ubuntu is an African word meaning 'I can't configure Debian'
and if you have their pub key
You mean private key. Everybody can be assumed to have their public key. That's why it's called "public".
I post about this each time it comes up (and some google fanboys mod me down since they can't stand the truth).
I buy parts at electronics places like mouser.com, digikey.com and so on. very well known, famous, respected, trusted parts sellers. large companies buy from them. anyone doing r/d that has any soldering aspect, goes thru a place like that eventually.
yet, you can't order parts or shop for parts *entirely in their site* without a google ads or syndication or some other google domain coming into place.
note, I did not start out searching, I went directly to digikey or mouser and stayed there. but the browser area that shows what outbound connects are happening, shows google this and google that.
pretty unnerving. and unnecessary.
soon you won't be able to do business unless you whitelist these places. I'm talking about google here, yes.
--
"It is now safe to switch off your computer."
If you send encrypted information through your ISP, they can't read it.
If you send encrypted information THROUGH Facebook, they'll remove it calling it "spam". I tried this and, supposedly, they censor all encrypted messages, only allowing clear text, unencrypted messages on Facebook. It's like they say "Don't distribute encrypted information through our service. Since we can't read it, there's no profit in it for us."
Eben Moglen is absolutely correct that Facebook is a man-in-the-middle service attempting to fool dumb people into disclosing their personal information and secrets.
If it caught on it would probably spark a terms of use change at facebook and you'd risk being banned for using it. I haven't read the terms of use but I wouldn't be surprised if it's not already in it.
The users are the product, if the product can no longer be sold it will no longer be stocked.
I think the only reason we are so aware of privacy in the modern world is because so many organizations are actively trying to exploit it. 100 years ago it simply wasn't practical to try to maintain large card catalogues of everyone in a country unless you really needed to, due to the expense. Now it's trivial, and there are plenty of businesses and government organizations that are quite happy to have greater profitability/control over our lives.
I have a FB account I admit. I should delete my account (if that's actually possible, I am sure FB will keep the data anyways). I access it a few times a year mostly when my wife tells me there is something posted on my wall that I should read. I detest the centralization of personal information and even more so the active data mining of it.
I agree with TFA, it's an elaborate man in the middle attack designed to do as much as it can to reduce our privacy and exploit it for the purpose of making money.
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
Your ISP does not see the information you transmit if it's encrypted, or email, chat, etc.
Facebook CAN see the messages you send, even if your communication to and from facebook is encrypted.
Following this logic, GMail, hotmail and other webmail providers are themselves MITM attacks, and have been serving as identity proxies for entire online presences since the mid-nineties.
Which in fact makes sense - Facebook's big market opportunity is to corner the public identity management space, and they've been trying to topple plain ol email as a communications method for several years now (facebook messaging).
Make sure everyone's vote counts: Verified Voting
"Actually the world you see now is probably the most privacy conscious that has ever existed."
Losing your privacy raises your consciousness.
I am glad that "I have nothing to hide (TM)" but I worry when I hear things like the two Brits who were sent back home from the US after our ever vigilant and effective Border Patrol found that they had Tweeted something like "destroy america and dig up marilyn monroe" which is apparently some kind of slang for "party hard". In our Brave New World, everything you say and do is recorded and can be held against you by those without a sense of humor.
I don't read your sig. Why are you reading mine?
These social sites are like inviting a business into your living room to eavesdrop on conversations with your acquaintances.
Precisely, but I don't think that argument leads where you think it does. If I knowingly invite a business into my living room to eavesdrop on my conversations, what possible reason would I have to be surprised when they do exactly that?
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
The name is "trusted middlemen", and anybody claiming it is an attack is doing yellow journalism.
It is true that the more people you have to trust, the worse off you are. It is also true that trusting a corporation can be quite worse than trusting an individual (but then, it can be quite better in other points of views). It is also true that trusting corporations that already showed that they don't deserve any trust is even worse. But equating it to a man-in-the-middle attack is a lie. Plain and simply, a lie.
Rethinking email
Sure, and we could easily email our (dozens, hundreds, whatever) of our friends daily with all the photos and news updates we care to share with them, eliminating FB entirely.
That's why FB is *not* any kind of attack. An attack implies an unauthorized insertion into the data stream that forces us to unknowingly share our data with the attacker. We willingly give FB our data, knowing full well (if we read any of the news on the subject at all, or the TOS) that they will use that data to their financial benefit. Calling that an attack is like saying your dentist can be arrested for assault after the pain he inflicts on your teeth and gums.
A lot of companies use Google tracking instead of internal log analysis. You should be able to block the Googlebugs safely (for now).
Forget diamonds, copyright is forever.
Slashdot just surprised me last week with a better crop of ads :) I even clicked on them... The first time in several years.
Anyway, it is quite obvious that /. and Facebook are ad supported. Do you think there is somebody that doesn't know that already?
Rethinking email
It's basic economics. In a nutshell, companies will ask you for everything they can get away with asking you for. People, on the other hand, will give away information when the service they receive in exchange is greater than the perceived cost of giving that information away. Why can "PEPCO, GEICO, WASHGAS, AT&T oblige [you] to reveal this information?" Because you want their services bad enough to be willing to give that information away, perhaps?
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Exactly right. Facebook is a man-in-the-middle attack on privacy...and it's all controlled by one company. Moreover, its use is not voluntary since it has become the primary form of online communication between those under the age of 25. What is needed as an alternative is an open-source specification for a new social networking protocol that can be implemented on any server as a peer-to-peer system that will service any social networking client that conforms to the specification. Unfortunately, the only way that that could be implemented efficiently would be if every global user were assigned a unique alphanumeric identifier and THAT would take some sort of global registry maintained by some organization like the United Nations.
A lot of geeks around me regard FB and G+ with suspicion/derision. I wonder if there is a significant percentage within Google & FB employees who feel the same way. Or is it mandatory for them to have an account and use it?
Stated another way...
Your relationship with your ISP: You are the customer.
Your relationship with Facebook: You are the product.
A somewhat less cynical view is that Facebook is to your social interactions what a bank is to your money. You let Facebook manage your interaction data. The advantage for you is that sharing is easier and the data is more secure than it is in your own safe. In return, they get to use your interaction data for their own gain.
Now the banking sector has been heavily regulated by the government to restrict their use of their customers' money to what the community considers ethical. Probably things will have to go wrong before it goes the same way for internet social networks.
We had this. It was called the web. Anyone could put up a website. Even host it right out of their own home. But it was a pain even for many advanced users, and impossible for many normal users to figure it out.
Enough of the hyperbole. Facebook only has as much on you as you let them have. No one died in the transition from MySpace to Facebook and no one is going to die when Facebook goes the way of MySpace.
People just want to be lazy about their lives and blame others when things go wrong for doing so. Facebook can't share anything with anyone I don't let share myself to begin with.
Yup, you're right. No way other people could tag me in their photos and have that violate my own privacy.
I've always viewed Facebook as a modern day, War Games. The only winning move is not to play.
=================
Unix is very user friendly, it's just picky about who its friends are.
Yeah, but so is getting a driver's license (giving up essentially all of your personal information to an organization whose data security is really, really bad) and talking on a phone or texting (every communication can be kept).
Is it dangerous? Yes, just like walking down the street, taking a shower, or eating food you haven't personally raised and prepared. At least someone is getting worked up over it for me so that I can go back to not giving a shit.
Is it just my observation, or are there way too many stupid people in the world?
Unless you live in the UK, in which case if you use BT as your Internet provider they intercept all your communications. They then break down your data by protocol, using "deep packet inspection", and profile each subscriber for advertising purposes. All totally illegal yet done to tens of thousands of subscribers without their knowledge, not that BT cared. You can read more here.
Phillip.
Property for sale in Nice, France
They should take a driver's license number instead or another government ID (military, state issued non-drivers license, passport, etc). Legally I don't believe they can "require" a SSN. Of course I'm not a lawyer, I just play one on /. I setup all my utilities with my DL# (which is different from my SSN).
or maybe they don't want people distributing binaries or running a number station on their service, for liability reasons.
not that i disagree necessarily; i just don't think facebook has very sophisticated text mining (yet).
"They were pure niggers." – Noam Chomsky
Agree. 100%
I'm Starting With The Man-In-The-Middle
I'm Asking Him To Change His Ways
And No Message Could Have
Been Any Clearer...
"Flyin' in just a sweet place,
Never been known to fail..."
"Actually the world you see now is probably the most privacy conscious that has ever existed."
Losing your privacy raises your consciousness.
I am glad that "I have nothing to hide (TM)" but I worry when I hear things like the two Brits who were sent back home from the US after our ever vigilant and effective Border Patrol found that they had Tweeted something like "destroy america and dig up marilyn monroe" which is apparently some kind of slang for "party hard". In our Brave New World, everything you say and do is recorded and can be held against you by those without a sense of humor.
50 years ago they would've been sent home because some didn't like the look of their face or invented some kind of communist sympathies. The problem in case of the TSA isn't privacy but the lack of due process, the fact that they had the power to invent a stupid reason to send these people home. I'm not defending invasion of privacy but I do think that in a lot of cases the loss of privacy is vastly overstated and in fact the very existence of privacy is a very recent thing (there are still plenty of small towns where everyone knows everything about everyone else.)
When I look at your earlier post, most of the examples you cite actually aren't invasions of privacy. The bank knows about your transactions but it only becomes an invasion of privacy when it applies that knowledge to other unrelated domains. The store films you, but that's not an invasion of privacy if the tapes are destroyed in 48 hours as they should be, but rather used to identify you for some other purpose. Facebook isn't invading your privacy because you are the one posting your information, information most people are positively eager to broadcast.
If all else fails, immortality can always be assured by spectacular error.
A few years back, a few ISPs were caught selling user browsing information to NebuAd. NebuAd took that information to design ads targeted better to you. Obviously, once it became known, users protested and the ISPs relented. Still, it would be very much in their business interests to do this again if they could figure out a way to do it without users protesting. (Say, via a government law mandating that they keep these records.)
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
You forgot to mention that the "land of the free" has 23% of the world's prison population along from its 5% of the world population (60% of whom are in prison for non-violent crimes).
Fanatically anti-fanatical
If you have Pidgin I believe you can at the very least use OTR messaging through Facebook chat directly.
OTR-Pidgin is pretty much perfectly implemented as far as cryptography and end-users go in my opinion, and I wish more people would pick it up.
I think the only reason we are so aware of privacy in the modern world is because so many organizations are actively trying to exploit it. 100 years ago it simply wasn't practical to try to maintain large card catalogues of everyone in a country unless you really needed to, due to the expense. Now it's trivial, and there are plenty of businesses and government organizations that are quite happy to have greater profitability/control over our lives.
Cite me an example where you have lost control over your life. So people profit over the information that you, and all of us, broadcast about ourselves all the time, so what ?
I have a FB account I admit. I should delete my account (if that's actually possible, I am sure FB will keep the data anyways). I access it a few times a year mostly when my wife tells me there is something posted on my wall that I should read. I detest the centralization of personal information and even more so the active data mining of it.
I agree with TFA, it's an elaborate man in the middle attack designed to do as much as it can to reduce our privacy and exploit it for the purpose of making money.
No it's just a formalized way to capture the information you were leaking about yourself anyway by offering a service that's actually useful to most people. If you don't like it you should drop out.
If all else fails, immortality can always be assured by spectacular error.
I just came across this "health news" item:
"Hospitals increasingly are mining patients' health and financial records to market specialty services such as cancer, cardiac and orthopedic care to a targeted group of individuals, Kaiser Health News/USA Today reports.
To develop the targeted mailings, hospitals use patient data, as well as detailed information on local residents that they purchase from consumer marketing firms."
I think we are on a very steep slippery slope and I would not be as complacent as you seem to be.
I don't read your sig. Why are you reading mine?
The sad thing is that sites like Facebook are not adding all that much value. If you think what it would take hardware-wise to just run it all as distributed P2P we're talking basically about the cost of a wifi AP and a USB HD, given the ISP costs are foregone. There's some software value added, but most of their software development is for their own benefit (dealing with scaling issues solely because it's a hub-and-spoke architecture, and figuring out how to monetize) not for the user's benefit.
So this "free service" probably is a freebie to the tune of maybe $10/year, yet people flock to it as if it is the greatest bargain ever.
Someone had to do it.
WTF idiot modded this a troll? Feel free to mod me a troll, but this was quite insightful!
In Canada, you're issued a Social Insurance Number, SIN, which is similar in nature to the SSN.
By law, only the Govt, employers and financial institutions may request your SIN (this is from memory, so there may be one or two others)
That doesn't prevent people from throwing it around haphazardly: About 10 percent of the resumes I used to process included it, often in the address....
cheers,
I don't believe that it's quite that bleak. You buy a service from Facebook, and you pay with your privacy - and a fraction of your visual field of view (eg looking at ads).
I do not watch free-to-air TV, as I don't wish to pay for their service with my time (watching their annoying ads).
I do not watch pay-TV, as the original intent was for my cash payment to grant me freedom from those ads, and the pay-TV companies reneged on their promise.
Facebook does not ask me to surrender my time in exchange for their service, so their price is acceptable to me... for now.
Sigh, people who start their comments with "sigh" are bordering on the ridiculous.
Especially when they are ACs.
In fact, an ISP that *does not* log this info will not be around long. The reason is that a competent ISP will keep packet logs for at least a couple days in order to catch a blackhat. Bigger ISPs might keep logs for 3 months so they have something when they get a motion of discovery (similar to mugging money -- got nothing to show to the guys in suits with the constable, say buh-bye to your business, because your biz will be then the defendant named in short order.)
Meant to state that an ISP that does not keep security logs will remain in business for long.
Ideally, the best policy an ISP can have (because they are caught between the Scylla of user privacy, and the Charybdis of LEO requests) is to keep logs for a certain period of time, then expunge them, and have a backup rotation cycle which enforces this (perhaps by using encryption keys which are destroyed when the data is expired.)
If we could get everybody to encrypt every message, and convince websites to use only SSL; that would eliminate that as a possibility.
Encryption needs to be the default, not the other way around.
I can dream can't I?
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
Why now does he come out against Facebook? Where was he in the days of Friendster or Myspace?
I am Bennett Haselton! I am Bennett Haselton!
Because you want their services bad enough to be willing to give that information away, perhaps?
It's grey, not black and white.
I want their services because I must use their services. Two examples : it would be pretty difficult to book a flight nowadays w/o credit card (Credit Card). I also need electricity (PEPCO).
And I don't have a choice: we have one provider for electricity and that's it. So it's either hand over SSN or bust. Having arrived from abroad, the local credit union gave me a real credit card - I was actually lucky, with other banks the likely scenario would have been : hand over SSN, you have your account + prepaid credit card...
If you know an insurance company, bank, ISP that provides service at a reasonable price and does not require the client to hand over his/her SSN, please let me know!
Not exactly. The requirement you're trying to conjure is that the parties believe their communication is private.
And, as you suggest, users may expect privacy for a number of reasons. They may not understand how their workaday drivel could be of value to corporations and governments, and so wouldn't expect detailed analysis of their updates and taggings. Or they may not understand the infrastructure, perhaps partly from ignorance (and not caring to look into how computer communications work), perhaps partly from obliviousness (not even consciously registering that there's infrastructure, let alone how it might work).
Otherwise, users may lull themselves into thinking that it doesn't matter if their blathering is monitored. That is, they think they have virtual privacy because they think the information they're giving up is useless. This is where more technically savvy advocates of Facebook fall, I'm guessing. They're not so stupid they don't realize that Facebook has detailed access to their every comment and action on the site (often even realizing that web bugs track them even when they're not even at the Facebook website), they just don't think it's a concern. Well, the truth is that lots of data add up, and even individual comments or tags can be of great value. It's hard to judge the usefulness of these things from the perspective of a little person, without the perspective of a large corporation or government agency. There is no virtual privacy resulting from the unimportance of your social communications. There is only a failure of insight or imagination to reveal the value to be wrung from your information.
Another important connotation of MitM, and one that is not analogously mirrored in this situation, is the ability to alter messages. It's implied to be related to MitM, but I don't know if it's generally agreed that message alteration is a necessary attribute for defining what is a MitM attack. (For instance, merely intercepting data is a valuable result of interposing in believed private communication — gathering credit cards this way is a profitable attack.) Oh, but then again, the ability actually is there. My mistake. It's just not one that we would expect to be actively used. Not regularly, anyway.
If you come in from abroad, it might take you a month to get a driver's license...
Personally, I did not force exploring what alternatives I have. It was simple enough to understand this is how things work and after having lived in three different countries as an adult, this is definitely a case to which the proverb applies :
"Taking a leak with the wind in your face is not a good idea."
Or call it path of least resistance :/
Realize you're being a bit flippant, and sarcastic in that anything gets you flagged these days. But it's important to remember that even with encryption, "big brother" would still get most of what they want. Only part of the value of wiretapping is the raw message. The parties are oftentimes more invaluable.
Even with crypto, facebook would still be a free, eternal, roaming pentrace that doesn't need a warrant and tends to crudely geolocate all recipients.
If somebody's sniffing facebook, you don't just know that alice told bob "east wind, rain".
You know that alice is talking to bob. And that alice associates with bob, clarice, dave, elaine ...., all of whom like to talk with Maude...
And in the case of facebook who read it, when they read it, who they shared it with, who "liked" it, and approximately where they were when they logged in with a bit of trivial analysis.
Crypto only protects the contents of the message. Not the identities of the parties.
DHS isn't about terrorism protection--it's about witchhunts. And facebook is a free roster of "known associates" to apply profile until you find a suspect.
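An added example, not part of any commenter's post: the comment above argues that encryption protects a message's contents but not the identities of the parties. The Python sketch below works through that on constructed envelope records (the field layout is an assumption; the names are borrowed from the comment) to show what a threat model for encrypted messaging relayed by a central service still has to count as exposed.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample data: the envelope an intermediary holds for each message
# when only the body is end-to-end encrypted. The field layout is an assumption.
# (timestamp, sender, recipient, sender's login region, opaque ciphertext hex)
ENVELOPES = [
    ("2012-02-06T07:58", "alice", "bob", "Seattle", "9f3a6c01d2"),
    ("2012-02-06T08:02", "bob", "alice", "Portland", "41b7e0"),
    ("2012-02-06T08:15", "alice", "clarice", "Seattle", "c2d95e7710"),
    ("2012-02-06T09:40", "alice", "dave", "Seattle", "07aa31"),
    ("2012-02-06T12:05", "alice", "elaine", "Seattle", "e85b90c4"),
    ("2012-02-06T12:30", "bob", "maude", "Portland", "5d02f1"),
    ("2012-02-06T13:10", "clarice", "maude", "Denver", "b6c4"),
    ("2012-02-06T18:45", "dave", "maude", "Austin", "30fe7a9921"),
    ("2012-02-06T19:20", "elaine", "maude", "Boston", "a1"),
    ("2012-02-07T08:01", "alice", "bob", "Spokane", "77c0de42"),
]


def contact_graph(envelopes):
    """Undirected who-talks-to-whom graph. The ciphertext field is never read."""
    graph = defaultdict(set)
    for _ts, sender, recipient, _region, _ciphertext in envelopes:
        graph[sender].add(recipient)
        graph[recipient].add(sender)
    return dict(graph)


def common_contacts(graph, person):
    """People whom every direct contact of `person` also talks to."""
    contacts = graph.get(person, set())
    if not contacts:
        return set()
    shared = set.intersection(*(graph[c] for c in contacts))
    return shared - {person}


def associates(graph, person, hops=2):
    """Everyone reachable from `person` within `hops` edges (breadth-first)."""
    seen = {person}
    frontier = {person}
    for _ in range(hops):
        frontier = {n for p in frontier for n in graph.get(p, ())} - seen
        seen |= frontier
    return seen - {person}


def activity_profile(envelopes, person):
    """When, from where, and to whom `person` sends, from envelopes alone."""
    sent = [e for e in envelopes if e[1] == person]
    peers = Counter(e[2] for e in sent)
    return {
        "messages_sent": len(sent),
        "hours": sorted({datetime.fromisoformat(e[0]).hour for e in sent}),
        "regions": sorted({e[3] for e in sent}),
        "top_peer": peers.most_common(1)[0][0] if peers else None,
    }


if __name__ == "__main__":
    graph = contact_graph(ENVELOPES)
    print("alice's direct contacts:", sorted(graph["alice"]))
    print("shared by all of them:  ", sorted(common_contacts(graph, "alice")))
    print("within two hops:        ", sorted(associates(graph, "alice")))
    print("alice's activity:       ", activity_profile(ENVELOPES, "alice"))
```

Reducing this exposure takes measures aimed at the envelope itself (a decentralised or peer-to-peer transport, sender and recipient hiding, padding and batching), not stronger encryption of the body.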
Every time an article related to real-life security (i.e., fighting terrorists) appears, Slashdotters come out of the woodwork to say that there have been an average of 300 US deaths in the past 10 years from terrorism, more people die from car wrecks and smoking, etc.
Same thing here: out of all the evil that MIGHT come from sharing on FB, how many people actually lose jobs, have government agents show up at their door, etc?* For 99.9999% of people sharing on Facebook, there might be a few somewhat-bad things that happen (most likely someone finding out more than you would have liked) but probably not too much more common than what spreads through traditional gossip anyway. I imagine very few bad-with-a-capital-B things happen. Most people will die without having experienced first-hand (or even second-hand) any disasters from sharing on Facebook, belonging to supermarket loyalty clubs, etc.
I'm not saying there's nothing wrong or potentially bad, but like most other things in life it just won't matter to most people.
* And in cases where it DOES happen, I'm sure most belong in the category of "you shouldn't have been doing that (or at least not talking about it)"--crimes, affairs, etc.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Summary might say:
Even quoting 'man in the middle attack' as if to quote Moglen.
But article only says:
It's actually vague.
You don't get to 500 million users without understanding the contents of every message. Text data mining is actually one of the simplest things to implement and can provide a wealth of attitudinal data about products and services.
My Facebook rep has gone into some of their programs for targeted display of ads. I haven't asked her too much about how it would work, but the message she keeps driving home with me is that they can target ads based on how much someone likes something. She says this is based on more than what someone clicks on.
You share things on Facebook that you don't care that other people know. [...] If you use Facebook for anything that even approaches the requirement of "privacy", then you are a complete idiot.
Facebook was instrumental in the Arab Spring precisely because people shared things they cared about. Does that make them complete idiots or rather brave heroes?
As FB (and others) are cozying up to dictatorships such as China, it becomes crucial whether we can trust them.
That said, cases like that of this man detained in Syria are possible without any collaboration between a regime and FB; ironically, the "man in the middle" role is less powerful because of FB's requirement to use real names. So the two privacy concerns cancel each other out to some degree.
Another reason I miss true peer-to-peer messaging systems like Jabber, despite all its shortcomings.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
What would McCarthyism look like with the data available today?
You remember when your president had to publicly reaffirm he wasn't a muslim but a good god-fearing christian with good wholesome christian values ? McCarthyism never left.
You americans and your battles over symbols. You raise a big stink over irrelevancies like ID-cards and Facebook and meanwhile you've got the TSA, warrantless wiretaps, draconian copyright lawsuits, etc.
I don't know what you're smug about, as megaupload shows, you're not safe in other countries from us.
Be seeing you...
Sounds like this wasn't such a conspiracy theory after all, eh? What better way to keep people from having any privacy than to kill the creator of the one website which would have worked to help provide it cheaply and easily to the public. It's time to make a diaspora, and leave Facebook forever, as far as I am concerned.
Thinkingman.com New Media
The point is that more and more companies offer products that replace open protocols with open servers and clients. Email is/was SMTP with millions of servers and client applications implementing that protocol. No room to make money apart from selling bandwidth. The web as we know it is HTTP with millions of servers and clients and while there is ample room to make money it's not actually a product.
Facebook and Twitter aren't protocols. They are products, owned and controlled by companies that do all of this to make money and to achieve this they offer what people want, not what's sound and reasonable from a technological POV.
If you have a closer look at this you will find that there are reasons for this shifting picture: All the good old protocols were designed from a very technical point of view, or from the point of view of technical users. Email is complicated to set up, there's a reason for many people (if they still use email at all anymore) using some webmail service. It also doesn't do very much except sending messages and small files around. It offers no way to actually find people. The web (based on the Hyper Text Transfer Protocol) just transfers files containing clever markup and doesn't care for anything else. All of this fine and dandy from a technical POV but just doesn't address very much of what "normal" people actually want to do.
I really can't be angry about what Facebook does, because: We (as geeks) just totally failed to come up with protocols and tools for an infrastructure that would've been able to address the needs of casual users. Instead we insisted that webmail is silly and a full-featured MUA the way to go. In Usenet we were fighting HTML content and fake names even as Usenet (as a communication platform) went under. And there was never anything that even tried to implement a net-wide address book or useful calendaring. All these missing things left a gaping hole that companies like Facebook just exploded into like a gas into a vacuum.
It's easy to hate Facebook and to praise geekdom, but we just miserably failed. We were (and still are) more fascinated by the tools instead of what people might want to do.
Enough of the hyperbole. Facebook only has as much on you as you let them have. No one died in the transition from MySpace to Facebook and no one is going to die when Facebook goes the way of MySpace.
People just want to be lazy about their lives and blame others when things go wrong for doing so. Facebook can't share anything with anyone I don't let share myself to begin with.
Very true. Except:
Facebook has caused a large number of divorces, employers use it to see how their apps are in life, and the government is using it now to spy on us.
With all of that, I'm going to say that within 2012, someone will die because of Facebook.
Probably suicide, but then, we can't rule out murder. Of course, we might get the parent who neglects their kid to death...
Be seeing you...
The ideal balance would be aggressive data retention laws which have some teeth.
For example, data on FB that a user explicitly deletes has to be removed from storage within some time period (7 days). Data like marketing info needs to be expunged from FB and advertiser records in 3-30 days. Data a user explicitly posts gets around for 6-12 months, then the user is presented with an option to keep it. If the user doesn't explicitly state to keep it longer, it gets purged.
The law will have to have teeth, where a firm can't just make a copy of it, stash it offsite, and copy it back in, or make one change and say it is new data.
Even CCTV cameras need to have a data life, where if data is kept longer than a date, someone goes to jail.
However, actual enforcement likely won't happen. The EU seems to be toothless when it comes to enforcing their data retention laws. In fact, most companies just write off their fines as a cost of business.
Otherwise they remain your comments, freely posted, and ultimately your own responsibility,
Can I delete my Slashdot comments? If so, how? If not, why do we rally against Facebook and just accept Slashdot who has been in the never-delete-anything business for far longer than Facebook?
yes, but facebook rate limits messages also! with a coding scheme as sparse as that, you'd be lucky to send a kilobyte per hour.
"They were pure niggers." – Noam Chomsky
And the public doesn't seem to care much. Remember that little skirmish about Politico.com buying analysis from FB on public and private message mentions of republican candidates to "evaluate sentiment"? A few people complained for a bit about not being able to opt-out and then it all died out (despite questions on randomization of results etc).
Add to that clickstream selling by ISPs, and attempt to gather and sell your information pretty much by everyone (heck, yellow pages delivery opt out form demands phone number and email) and people seem to be simply tired of fighting it.
Hyperom.com
If you use FB, you know that your friends and family will post personal information about you as well.
Worse: If you do not use FB, you know that your friends and family will post personal information about you as well.
This is why I don't have any friends, and avoid family.
Be seeing you...
it depends what you mean by text data mining. yeah, you can grab keywords, and there are some simple clues about proximity of certain simple adjectives, and you can sort of associate certain vocabularies with income and spending habits, but the R^2 is pretty low. text mining is far, far away from "understanding the contents of every message." even google does a shoddy job; many of its text mining-based ads are silly and even insulting.
most of the marketing-juice comes from (surprise, surprise) the social network. facebook has trained people (maybe not you, but probably many of your "friends") to advertise themselves! if you're 1 hop away from 6 people who all explicitly "Like"d some expensive imported chocolate or coffee, that will probably tell me a whole lot more (marketing-wise) about you than any 100 of your messages, even if i had a human being reading every one of them, which text mining is nowhere near.
"They were pure niggers." – Noam Chomsky
There is something stopping you, it's called facebook - only plain text communications are allowed, and the site will automatically block the posting of encrypted content. For a simpler example of the filtering they use, try posting a link to thepiratebay.se and see how far you get
Who needs to encrypt traffic? I have no problem communicating in plain text.
Btw, the gray petunias have puppies. And you should put up the scarecrows.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Depending on the information you want to pass, a kilobyte is probably more than you need.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Nonsense! I don't use any protocols but SSH, as far as they know. And I never connect to anything but a boring corporate server in a clean room they don't have access to.
fair enough. nonetheless, it does keep away the more vulgar attempts. for example, no one bothered to develop facebookFS. ;-)
"They were pure niggers." – Noam Chomsky
I agree and never noticed the tracking which is done until I installed and used Ghostery. I have it set up where it has the popup which shows all the sites which silently track my web usage and many sites have over a dozen different trackers, the vast majority of them are Google and FB.
"A government is a body of people usually -- notably -- ungoverned." -Shepherd Book
So, you've never had to handle backups and data retention for a large database in the real world, I take it? Guaranteeing specific data removal is very, very hard. Mostly removing data is easy and reasonable.
You're special forces then? That's great! I just love your olympics!
You trust your isp with some personal information, and true you can't easily and practically get around it... but people CHOOSE to blast every detail of their life in public forums like facebook. it is purely choice, and choosing not to do it does not demand some sort of extreme workarounds, as "living off the grid" might.
code is poetry. information is liberty.
Interesting. I wasn't aware that Facebook wouldn't allow the use of encrypted text. I suppose you could still post a screenshot of your encrypted text but that's a rather extreme step, I suppose (assuming Facebook didn't delete the post and/or terminate your account). In any case, thanks for correcting me :)
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
your loss of money on lottery tickets. It is a voluntary tax in ignorance. Facebook (and the lottery people) know that there are huge numbers of ignorant people out there who are willing to part with something valuable for something of very little (or no) value simply because they don't understand what they are parting with and what they are gaining/losing.
Oh yeah, and Windows is malware.
all this crap about how "the average joe doesn't understand how information travels and how it can be data mined" yadda yadda is a moot point. If average joe doesn't know how to operate a chainsaw, no one goes harking at the chainsaw manufacturer when he cuts his leg off. If average joe doesn't know how to ride a motorcycle, and he takes off on a bike, it's his own stupid ass fault when he hits the ground. If average joe doesn't know anything about mechanics, he doesn't need to go tinkering with the engine. If he don't know how to drive, what the hell is he doing behind the wheel? If average joe doesn't understand privacy and data and technology, he shouldn't go blasting the net with his private life details. Computers and the internet were made and built to do one thing: store, process, and share DATA, INFORMATION, and KNOWLEDGE. Maybe, average joe shouldn't play with toys he don't know anything about. Let the INTERNET (a unified global computer network) be for those that understand COMPUTERS and NETWORKS (oh wait, we already have onion, darknets, etc for that).
code is poetry. information is liberty.
about me anyways.
anyhow, your mom is mitm. why would you put something on fb you didn't want fb to know? if you _share_ a link to something you think is interesting.. why would you care that mitm gets it?
now, if you live in indonesia and have to hide your atheism, I suppose you might want to share things like that under a pseudonym, in which case they'd be a mitm to that..
world was created 5 seconds before this post as it is.
and i almost forgot. if i walk up to average joe and ask him for any or all of his name, social, credit card number, phone number, location, social activity, snippets of his conversations, photos of him, etc etc, he would probably back away and likely call the police, regardless of whatever convenience or product i'm giving in exchange (he would probably do it for cash though, heh). So when same average joe goes typing all that stuff into the magic and mystical screen that can talk to people all over the world, guess what that makes him... a jackass.
code is poetry. information is liberty.
I know this guy who gives his girlfriend blow in exchange for blowjobs. Sometimes people need saving from themselves.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Thanks for one, taking a statement and spinning it in a way that totally contradicts what can reasonably be assumed. It's actually a fallacy. But hey, if you want to be Captain Obvious, have fun with that. And two, thanks for reiterating what I already stated that your privacy and security are non-existent, especially in the face of someone willing to expend untold amounts of time, effort and money to get it.
Oh and yes, the person willing to forgo any thought to resources in order to get to your personal information is more dangerous than some dude stealing credit card numbers. The person wanting your financial info just wants to rob you blind, couldn't really care less about your feelings or reputation and such. The person looking to get all your info at any cost is trying to destroy you. That's more dangerous. Unless you like some dude from the Ukraine parading around as you?
Screenshot o.O say WAT ??? cough ... Steganography ... cough
-- Brought to you by Carl's JR
"Yea, I've been noticing this on A LOT of sites. Pages won't load right or load at all unless the ubiquitous FB (and let's not forget Google) and its associated sites are allowed"
This sounds like a clear violation of anti-tying provisions in the Magnuson-Moss Warranty Act.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
"The people who do not want to share information with facebook do not do it."
Go shopping online and try telling me that one more time with a straight face.
You're practically FORCED to give information to FB or Google if you want to do anything online. Shopping, video chat, etc.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
What would a peer-to-peer "Facebook killer" alternative look like?
Your ISP does not see the information you transmit if it's encrypted, or email, chat, etc.
Facebook CAN see the messages you send, even if your communication to and from facebook is encrypted.
So you're saying an intermediary can see information if it's not encrypted? Thanks captain obvious! If you want to use Facebook and want to prevent Facebook from reading your messages then encrypt your damn messages!
is it google analytics or google api or what?
I've bought from both of them, with analytics blocked in no-script, no problems. I might have APIs whitelisted though, not certain right now. An awful lot of sites use google analytics for statistics, but I've never seen it be essential for function.
All you need is the website itself (pages, DBs, etc.) , a cheap webserver, and the knowhow to point DNS to the IP address for your website. Isn't that pretty much how you would host a website out of your home (pesky ISP "no server" clauses aside)?
Random Thoughts From A Diseased Mind (Not For Dummies)
Has anyone considered steganography? Just encrypt your messages in pictures and send someone the link via message... to FB, it just looks like you're sharing pictures back and forth.
Random Thoughts From A Diseased Mind (Not For Dummies)
That thought *did* occur to me.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
that's true, but even then facebook will recompress your jpeg even if it's the "right" dimensions. they might even be doing this expressly to defeat steganography (in addition to saving disk); research would be required. the standard steg algs can't survive a recompression, although should be doable in principle.
"They were pure niggers." – Noam Chomsky
Requiring all of the tens of millions of FB users to:
a) Have the knowledge to run these servers.
b) Be able to distribute their IP addresses to dozens or hundreds of "friends".
c) Convince enough said "friends" to bother in the first place. Social media has a minimum population requirement.
d) Be willing to expose said servers (and potentially all of the computers on their internal networks) to the entire internet.
etc etc. There's a reason FB is popular and hosting your own system is not -- hosting your own system is a pain in the ass.
Facebook was instrumental in the Arab Spring precisely because people shared things they cared about. Does that make them complete idiots or rather brave heroes?
I didn't say "things they cared about", I said "for anything that even approaches the requirement of "privacy"" Those two are not remotely the same thing.
ironically, the "man in the middle" role is less powerful because of FB's requirement to use real names.
Facebook requiring real names is a myth to begin with. Many, many users use completely fake information, some quite obviously so.
Tequila: It's not just for breakfast anymore!
Someone else pointed out the fallacy of your argument with a chainsaw example, which covers it well. At some point, the end user has to take responsibility for their own information, particularly when they are manually adding it to a website for the world to see.
People can get bent out of shape when websites lie about their policies, rightly so, but it is obvious what Facebook is using the information for: to serve up ads geared toward your interests and your friends. Again, anyone who uses Facebook for anything that requires "privacy" is an idiot, regardless of how clueless the moderators are.
Tequila: It's not just for breakfast anymore!
Or better said, if you're not the farmer, you're the pig. Free food, water and a place to live?!? What could possibly go wrong?
I will now use this argument against Socialism too. Thanks. :)
Yes, that is exactly how you would do it.
Sounds great, but $5/year will lose them almost all of their users. Remember... everyone feels entitled to getting things for free.
Turns out all my friends and relatives kept feeding them information about me anyway.
Liberty.
We believe that discussions in Slashdot are like discussions in real life- you can't change what you say, you only can attempt to clarify by saying more. In other words, you can't delete a comment that you've posted, you only can post a reply to yourself and attempt to clarify what you've said.
In short, you should think twice before you click that 'Submit' button because once you click it, we aren't going to let you Undo it.
Our culture doesn't get smarter, it just finds new ways of being retarded.
I'd mod you up if I had any points today. You have hit the nail on the head with a sledgehammer.
Right on! However I am of the opinion that such market models are short-lived for a reason. They don't create anything of REAL value. If Facebook and Google are monitoring my use of other sites while I am signed into their site, it just means that they have more information about my web-life. If I never spend any money on Facebook, then they won't earn any money from me. They might know a web-site that I did buy something from, they might even know what I bought, and how I paid for it, but if they didn't refer me to the site, they haven't even provided the site with any real service. When you boil it all down, all you have left is what advantages the web has always provided, access to people, resources, products, and information that you would never encounter in your localized physical world. It's things like that make me wish people would get serious about the web and quit trying to use it EXCLUSIVELY as a means to rip people off in one way or another. Unfortunately it will take the full collapse of the fossil-fueled components of our economy for us to utilize this wonder of human thought to its "TRUE", and "REAL" potential!
-Oz
The odds of terror and government repression don't add up the same for personal risk. Terror is more random, but once you begin to be a real threat to the government (say as an effective organizer) your odds are way above average for becoming the victim of repression.
OK. So, analogous to how the government set up the Federal Reserve to be the lender of last resort, I guess we need a Friendship Reserve to be the "liker" of last resort, for people with no friends, right?
I'm not a lawyer, but I play one on the Internet. Blog
Protocols are always going to be wrapped into products if there is any money to be made. And everybody just wants something to work, nothing else, if it is beyond his field of expertise.
An open protocol can never be monetized, except for some support.
Running a number-station on the Internet is beyond trivial anyway, and removing encrypted content from Facebook does not even make it hard to do so over Facebook. You just need to steganographically hide the numbers in status-updates about cats, or pictures of same.
> We all have to die, so let's commit suicide?
7592 people liked this!
Not for *any type of communication*, but rather, just for one where you're using broken/vulnerable encryption protocols. I don't think it's possible (with current technology), for my ISP to monitor my XMPP or email traffic.
Any encryption that requires key exchanges to set up the encryption is vulnerable. If you want to be really paranoid then you could assume that your ISP also modifies your browser executable when you download it to inject its own CA so that even that level of security is gone. This is why those RSA keyfobs are used for VPN in large companies - it provides a shared key in a way that your ISP can't intercept to set up the encrypted connection.
"Any encryption that requires key exchanges to set up the encryption is vulnerable[...]"
As you yourself said: shared keys are a way ISPs can't intercept an encrypted connection. I don't think SSH can be man-in-the-middled if I already have the public key of the server beforehand either.
I don't think my ISP can man-in-the-middle my connections to my own XMPP server.
Browsers/IM packages are signed. Saying the ISP modified the ISO of the OS when I downloaded it is just being paranoid.
The point is: it's possible to protect yourself from having the ISP reading your messages quite easily. It's not through facebook.
gotta love that term!!!
Or better said, if you're not the farmer, you're the pig.
Free food, water and a place to live?!? What could possibly go wrong?
I will now use this argument against Socialism too. Thanks. :)
I actually think this cuts both ways, one could say the farmer is the 1% paying the minimum required to keep all of the lower classes happy while they get ready to slaughter them for their own gain.
I mean I'm no expert, but my understanding with Socialism was that there was no class division, thus no farmer.
=================
Unix is very user friendly, it's just picky about who its friends are.
So how did you get the SSH keys onto the server in the first place? If it was via physical access then of course your ISP can't MITM it, since it wasn't in the middle when you sent the keys. I'm talking about encryption based around RSA, PGP, SSL, or SSH. All of these require some method of getting your public key to the person you want to communicate with, and if you're sending it over your ISP then it is possible for your ISP to intercept it and MITM your communication channel, rendering your encryption useless. I'm not saying ISPs are doing this, I'm saying it would be possible for them to, and that that is the definition of an MITM attack and that nothing FaceBook is doing would qualify as an MITM, since FaceBook isn't in the middle in the first place - it's the end point.
CALEA is not a log retention act. It's a regulation that says device manufacturers need to allow the means for law enforcement to access it. It can also extend to networks and configurations - such as in the case of the phone companies.
However, one of the big impediments to law enforcement investigations of legitimate criminal activity has been the lack of log retention. Depending on the ISP, you may get anywhere from a few weeks to a few hours. There is no uniformity. However, there have been bills introduced at the federal level to require mandatory log retention but the bills have stalled in committee.
Yes, government can obtain certain pieces of data without a warrant. Generally, these fall under the allowances granted by the Electronic Communications Privacy Act (ECPA). Usually, the rules are non-recent user content to summarize. Account information, IP addresses, headers, etc. are all fair game. Stored email older than 180 days is also fair game. New email or other private data needs a warrant. Although exceptions exist.
Although it doesn't seem like it - there are actually rules in place.
"Draw them in with the prospect of gain, take them by confusion." Sun Tzu
I see you've never read Animal farm.
Free Martian Whores!
Why not get rid of the middle? One of you young hotshots should write a program that does what FB, G+, and MySpace does/did that requires no outside servers, only the people you're connecting to.
Free Martian Whores!
yeah, but there would be a few advantages to piggybacking on facebook, like automatic redundancy; when it comes to crooks, it's usually not what's possible, but what's easy. crooks are usually dumb; slashdotters don't get that.
but yeah, the primary reason is probably to put the kibosh on casual file-sharing, and i can't blame them for that.
"They were pure niggers." – Noam Chomsky
https://en.wikiquote.org/wiki/Eben_Moglen, great quotes
You hear about the person who didn't rely on anecdotal evidence to support his belief system?
Yes, when I set up my servers, I copy the ssh key physically onto it, and its signature from it. Right after I plug them in, and install an OS on them.
Facebook is not the end point of my message, the other person is.
Just as Yahoo! or gmail aren't the end point of the e-mail I send to people who use them. They're just intermediaries.
My point is: ISPs don't necessarily have access to everything you say as stated. They might TRY to access your communications in some illegal way, but they don't have implicit access to every message like facebook, which was the starting point of this discussion.
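The disagreement in this sub-thread about whether a network intermediary can get between you and a server comes down to how the client first learned the server's key. The sketch below is an added example, not code from any commenter or from OpenSSH: it models a known_hosts-style check and compares trust-on-first-use with a fingerprint carried over by hand. The host name, key blobs and class name are constructed for illustration.

```python
import base64
import hashlib
import hmac


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the digest."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class HostKeyStore:
    """Minimal model of a known_hosts file: host name -> pinned fingerprint."""

    def __init__(self, preloaded=None):
        self.pins = dict(preloaded or {})

    def check(self, host: str, presented_blob: bytes, trust_on_first_use: bool) -> str:
        presented = fingerprint(presented_blob)
        pinned = self.pins.get(host)
        if pinned is None:
            if not trust_on_first_use:
                return "refused-unknown"    # nothing to compare against: do not connect
            self.pins[host] = presented     # TOFU: believe whatever arrived first
            return "learned"
        if hmac.compare_digest(pinned, presented):
            return "ok"
        return "refused-mismatch"           # presented key differs from the pin


# Constructed sample values; a real blob would be the server's public host key.
GENUINE_KEY = b"constructed-sample-host-key-of-the-real-server"
SUBSTITUTED_KEY = b"constructed-sample-key-of-an-intermediary"
HOST = "xmpp.example.org"  # hypothetical host name


def first_contact(store: HostKeyStore, tampered_path: bool, tofu: bool) -> str:
    """Verdict for one connection; a tampered path presents a different key."""
    presented = SUBSTITUTED_KEY if tampered_path else GENUINE_KEY
    return store.check(HOST, presented, trust_on_first_use=tofu)


def run_scenarios() -> dict:
    results = {}
    # 1. Key learned over the network, and the first contact was tampered with.
    tofu_store = HostKeyStore()
    results["tofu_first_tampered"] = first_contact(tofu_store, True, True)
    # The wrong key is now pinned, so the genuine server is the one that fails.
    results["tofu_then_genuine"] = first_contact(tofu_store, False, True)
    # 2. Fingerprint carried to the client out of band (copied by hand).
    pinned_store = HostKeyStore({HOST: fingerprint(GENUINE_KEY)})
    results["pinned_tampered"] = first_contact(pinned_store, True, False)
    results["pinned_genuine"] = first_contact(pinned_store, False, False)
    # 3. No pin and TOFU disabled: refuse rather than guess.
    results["strict_unknown"] = first_contact(HostKeyStore(), False, False)
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:22} {verdict}")
```

With a pin delivered out of band the substituted key is refused on the very first connection; with trust-on-first-use the only signal is the later mismatch when the genuine key finally appears.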